From dba02b91eff93f0a2fc661e5d5df10dd485cb5c2 Mon Sep 17 00:00:00 2001 From: tomoron Date: Wed, 10 Jun 2026 12:02:05 +0200 Subject: [PATCH] disable yubikey fde unlock --- osConfigs/hosts/laptop.nix | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/osConfigs/hosts/laptop.nix b/osConfigs/hosts/laptop.nix index d289713..c2a0fe1 100644 --- a/osConfigs/hosts/laptop.nix +++ b/osConfigs/hosts/laptop.nix @@ -6,7 +6,7 @@ # By: tomoron +#+ +:+ +#+ # # +#+#+#+#+#+ +#+ # # Created: 2025/09/06 00:56:57 by tomoron #+# #+# # -# Updated: 2026/05/31 15:18:34 by tomoron ### ########.fr # +# Updated: 2026/06/09 17:10:44 by tomoron ### ########.fr # # # # **************************************************************************** # @@ -15,21 +15,24 @@ { services.udev.packages = [ pkgs.yubikey-personalization ]; boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ]; - boot.initrd.systemd.enable = false; - boot.initrd.luks.yubikeySupport = true; + boot.initrd.systemd.enable = true; + boot.initrd.luks.yubikeySupport = false; boot.initrd.luks.devices.cryptroot = { device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f"; allowDiscards = true; #set up initial : https://wiki.nixos.org/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS - yubikey = { - twoFactor = false; - keyLength = 64; - saltLength = 32; - storage = { - device = "/dev/disk/by-uuid/BA5C-F216"; - path = "/default"; - }; - }; + #yubikey = { #bad implementation upstream. unlock with be with fallback password until it's better + # twoFactor = false; + # keyLength = 64; + # saltLength = 32; + # storage = { + # device = "/dev/disk/by-uuid/BA5C-F216"; + # path = "/default"; + # }; + #}; + + + }; boot.blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_uvm" ]; #speeds up startup